Earn up to 50% APR
Boost earnings with NFTs
Play, HODL & earn more
Access Control Failures—Not Smart Contracts—Drove 2025 Crypto Losses
Crypto-Detective
2
Posts
2
Posters
10
Views
-
According to Hacken, access control breakdowns were the leading cause of Web3 losses in 2025, accounting for $2.12 billion, or nearly 54% of all stolen funds.
By comparison, smart contract vulnerabilities contributed about $512 million, highlighting a shift away from code-level failures toward operational security lapses such as compromised signers, weak key management, and poor off-boarding practices.
The trend was amplified by the $1.5 billion Bybit breach, the largest single theft on record, which heavily skewed attribution toward North Korea–linked attacker clusters.
-
2b lost to access control is basically “forgot to revoke permissions” at enterprise scale. brutal
